Signature Detail

Short Name	SMTP:COMMAND:VRFY
Severity	Medium
Recommended	No
Category	SMTP
Release Date	2003/08/27
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMTP: VRFY Command

This protocol anomaly triggers when it detects an attempt to use the SMTP VRFY command. This command is not used by most standard clients and servers and can reveal sensitive information about e-mail accounts.

Extended Description

A vulnerability exists in sendmail on all versions of SunOS up to version 4.0.3 which allows remote users user 'bin' access to the vulnerable host. This vulnerability is Sun bug # 1028173.

Affected Products

Sun SunOS 3.5.0
Sun SunOS 4.0.0
Sun SunOS 4.0.1
Sun SunOS 4.0.2
Sun SunOS 4.0.3
Sun SunOS 4.0.3 c

References

BugTraq: 6
CVE: CVE-1999-0531
URL: http://www.securityspace.com/smysecure/catid.html?viewsrc=1&id=10249
URL: http://www.unoverica.com/documentation/ucm/mt211g13.html

Signature Detail

Short Name

Severity

Recommended

Category

Release Date

Update Number

Supported Platforms

SMTP: VRFY Command

Extended Description

Affected Products

References